We are in the process of building a secure network reference architecture for member firms as guidance. Are there any good examples I can use?

Head of PMO, a year ago

There's some material on this on NCSC's website. One page of which is: Architecture and configuration - NCSC.GOV.UK, and there is more if you search the site. I've seen various examples at the different public authorities where I've worked over the years, but they are rarely distributed widely.

VP of IT in Retail, a year ago

I would focus on NIST and ISO/IEC 27001.

The NIST Framework - The National Institute of Standards and Technology (NIST) provides a framework for improving critical infrastructure cybersecurity. The NIST framework is notable for its focus on risk management and its adaptability, allowing it to be applied in a variety of contexts.

ISO/IEC 27001 - ISO/IEC 27001 is an international standard for information security. It provides a set of standardized requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.
